DNS: Attacks on the heart on internet

Just as the heart pumps the blood in every part of the body, Domain Name System (DNS) ensures that packets reach their correct destination. Analogy may not be perfect but criticality of DNS for internet is no less than that of heart for the body.

DNS serves billions of queries every day and make internet work by connecting requesting clients to hosting servers. There are multiple components in DNS that work in coordinated hierarchical fashion to keep the internet up and ticking.

Whenever clients need to access a resource, they use DNS to resolve the domain name to IP. This IP is then used to route the packet to its final destination. Different components of DNS exchange information using what are called records.

Clients run a service called resolver that interacts with DNS server to resolve client queries. For each domain name, there is an authoritative name server who is qualified to give authoritative answers for the queries for that domain. Rests of the servers in hierarchy either serve the answer from their cache or reach out to the authoritative name server. Talking about cache – each component in the domain name system also maintains a cache to avoid reaching out to other name servers for frequently asked names. Cache not only improves the performance of the entire system but also reduces the traffic that floats around the network.

It is not difficult to imagine what will happen if the DNS is rendered inoperable by attacks from malicious sources. Just like applications and networks, DNS is also vulnerable to attacks. Techniques that have been used to attack DNS servers are:

Cache Poisoning: Cache of the name servers is contaminated by attackers so that wrong information will be served to requesting clients

Response Hijacking: Response from name server to client is hijacked to inject incorrect answers in packets reaching the client

DNS Flooding / DDOS: Category of attacks where legitimate clients are not able to get response from the name servers

Here are some of the famous incidents of attacks on DNS infrastructure:

DNS Hijack attack on Twitter affected services for a few hours in Dec’2009

DDOS attack on Amazon DNS provider affected services in Oct’2010

Hackers temporarily seize control of Google Morocco Domain Name in May’2009

Chinese root server was shut down in Mar’2010

In the next couple of blogs we will examine these attacks in depth and how NetScaler provides protection to DNS environments.